Results 1 to 4 of 4

Thread: Need Help with page redirection...

  1. #1
    WebEvader's Avatar
    WebEvader is offline Moderator
    Join Date
    Jan 2009
    Posts
    397
    Blog Entries
    2
    Thanks
    166
    Thanked 26 Times in 21 Posts

    Wink Need Help with page redirection...

    Hey,

    Basically here is the problem:

    I have a list of links on a site called http:// xxx.com, say 400.

    When someone clicks on a link they go to http:// xxx.com/redirect.php?http://link to site.com

    That page will then redirect to http://link to site.com via

    <meta http-equiv="refresh" content="5;url=url=.../>

    The problem is what do I put between url= and /> ?

  2. #2
    Keldorn's Avatar
    Keldorn is offline Net Builder
    Join Date
    Dec 2008
    Location
    Canada
    Posts
    400
    Thanks
    21
    Thanked 60 Times in 52 Posts
    The way you propose is 1. harder to validate. 2. Someone could stick a cross site scripting attack in the url like redirect.php?<script>alert('xss');</script> . Your also missing an extra part of the query. You will need some thing for $_GET so maby use ?url=

    so redirect.php?url=http://example.com

    Then could get the url by doing

    PHP Code:
    $toRedirect $_GET['url'];
    echo 
    "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"3;URL={$toRedirect}\">"


    But also you would have to validate it.. which is the hard part and I cannot think of anything at the moment quickly that would validate that.



    Better to use an Integer for the $_GET. like redirect.php?id=1 . Then in your mysql query you can get the url by the example code below, Assuming in your mysql database table there is a field called "url" that has url like "http://example.com" and also an auto_incrementing field called "id".


    Btw this code could have syntax error. I didn't run it. I just wrote it off the top of my head while posting this.
    PHP Code:
    <?php
    $id 
    false;
    // If ?id= is set is only a integer.
    if(!empty($_GET['id']) && is_numeric($_GET['id'])) {
       
     
    $id $_GET['id'];

    }
    $sql = array();
    $link mysql_connect('localhost''database_user''database_password') or die('Could not connect: ' mysql_error());
    $db_selected mysql_select_db('database_name',$link) or die(mysql_error());
    sql mysql_query('SELECT * FROM url_table WHERE id={$id}') or die("oops");
    $toRedirect mysql_fetch_assoc($sql);

    // If id does not exist
    if(!toRedirect) {
       
       
    header('HTTP/1.0 404 Not Found');
       exit(
    'Not Found');

    }

    echo  
    "<html><head><title>Redirection...</title>"
            
    "<meta http-equiv=\"refresh\" content=\"5;url={$toRedirect['url']}\"/>"
            
    "</head><body><h1>You being redirected to"
            
    "<a href=\"{$toRedirect['url']}\">{$toRedirect['url']}</a>"
            
    "</body></html>";
    Of course there is many other things you could do like count hits to the link.
    Submit new proxies -

  3. Thanked by:

    WebEvader (3 October, 2009)

  4. #3
    WebEvader's Avatar
    WebEvader is offline Moderator
    Join Date
    Jan 2009
    Posts
    397
    Blog Entries
    2
    Thanks
    166
    Thanked 26 Times in 21 Posts
    Hmm, I can't do that since I don't have the id table.

    Is there anyway in which I can just get the text after the '?' and redirect to that page ?

    EDIT: Thanks Keldorn, I used your script and it's now working, i am also able to count the hits using some other snippets of code

    If you look at WebEvader, every site which is not a premium listing and is clicked on goes to a loading page where it is then redirected...

  5. #4
    Keldorn's Avatar
    Keldorn is offline Net Builder
    Join Date
    Dec 2008
    Location
    Canada
    Posts
    400
    Thanks
    21
    Thanked 60 Times in 52 Posts
    Like I said you have to validate it.

    Put this url into your browser..

    Code:
    http://www.webevader.org/redirect.php?url="><script>alert(String.fromCharCode(88,83,83))</script>
    Crafting that even more I could steal the cookies off your forum members by having them click and then hijack their profiles.
    For this case a good strip_tags(); might work

    PHP Code:
    $toRedirect strip_tags($_GET['id']); 
    It also opens up your site to being a free spam relay.

    Code:
    http://www.webevader.org/redirect.php?url=http://evilspamsite.com
    Submit new proxies -

Similar Threads

  1. [WTT] Proxy List Submission Page / Home Page Trade
    By vectro in forum Links
    Replies: 2
    Last Post: 8 December, 2010, 04:13 AM
  2. Replies: 0
    Last Post: 29 April, 2010, 11:26 AM
  3. help with htaccess redirection
    By MeetHere in forum Programming
    Replies: 10
    Last Post: 18 October, 2009, 17:01 PM
  4. How to avoid blogger redirection window?
    By hendricius in forum Blogging
    Replies: 4
    Last Post: 31 August, 2009, 07:29 AM
  5. Need help with redirection...
    By WebEvader in forum Programming
    Replies: 5
    Last Post: 30 August, 2009, 21:05 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •